Irtsgbr

Why do UK politicians seemingly ignore opinion polls on Brexit?

Does the shape of a die affect the probability of a number being rolled?

One word riddle: Vowel in the middle

Who coined the term "madman theory"?

Is this app Icon Browser Safe/Legit?

How to answer pointed "are you quitting" questioning when I don't want them to suspect

Why isn't airport relocation done gradually?

Have you ever entered Singapore using a different passport or name?

How to save as into a customized destination on macOS?

Can someone be penalized for an "unlawful" act if no penalty is specified?

Falsification in Math vs Science

Is a "Democratic" Oligarchy-Style System Possible?

Loose spokes after only a few rides

Identify boardgame from Big movie

Feature engineering suggestion required

A poker game description that does not feel gimmicky

What is the most effective way of iterating a std::vector and why?

Which Sci-Fi work first showed weapon of galactic-scale mass destruction?

Is an up-to-date browser secure on an out-of-date OS?

Button changing it's text & action. Good or terrible?

Resizing object distorts it (Illustrator CC 2018)

slides for 30min~1hr skype tenure track application interview

Can a flute soloist sit?

Are there incongruent pythagorean triangles with the same perimeter and same area?

Active Directory Admin Denied Access - Why?

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

1

1

Logged in as the domain admin of an Active Directory environment, I'm attempting to run this command to reboot a workstation:

@start /b cmd /c shutdown -r -f -t 1 -m \COMPUTER-NAME

I'm getting this error:

COMPUTER-NAME: Access is denied

Why would the domain admin be denied access to execute this command?

active-directory windows-server-2008-r2

share|improve this question

asked Apr 7 at 7:34

LonnieBestLonnieBest

58131030

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  IMO, this shouldn't happen! Can you check if the workstation is having group policy applied (check if domain admins is in the Administrators group), and the proper SMB settings. I once encountered this problem when SMB2 was disabled on a Windows 7 desktop, and had to manually enable through regedit!
  
  – Am_I_Helpful
  Apr 7 at 7:39
  
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Is the problem specific to the shutdown command, or does it also fail if you try dir \COMPUTER-NAMEc$ ?
  
  – Harry Johnston
  Apr 7 at 22:07
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Another setting to check is "Access this computer from the network" under User Rights Assignment in the local security policy. Also the corresponding "Deny access to this computer from the network".
  
  – Harry Johnston
  Apr 7 at 22:09
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  The workstation might not be properly joined to the domain. I recommend logging into the workstation interactively using the local administrator account, double-checking that the computer is using the right computer name, and leaving and then re-joining the domain.
  
  – Harry Johnston
  Apr 7 at 23:54
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  ... the target account name problem can also occur in some scenarios involving multiple domains, e.g., if computer-name is in domain A but you're trying to connect to it from a machine in domain B and there is a computer object in domain B that is also named computer-name.
  
  – Harry Johnston
  Apr 7 at 23:56
  
  

  
  
  
  

 | 
show 4 more comments

1

1

Logged in as the domain admin of an Active Directory environment, I'm attempting to run this command to reboot a workstation:

@start /b cmd /c shutdown -r -f -t 1 -m \COMPUTER-NAME

I'm getting this error:

COMPUTER-NAME: Access is denied

Why would the domain admin be denied access to execute this command?

active-directory windows-server-2008-r2

share|improve this question

asked Apr 7 at 7:34

LonnieBestLonnieBest

58131030

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  IMO, this shouldn't happen! Can you check if the workstation is having group policy applied (check if domain admins is in the Administrators group), and the proper SMB settings. I once encountered this problem when SMB2 was disabled on a Windows 7 desktop, and had to manually enable through regedit!
  
  – Am_I_Helpful
  Apr 7 at 7:39
  
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Is the problem specific to the shutdown command, or does it also fail if you try dir \COMPUTER-NAMEc$ ?
  
  – Harry Johnston
  Apr 7 at 22:07
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Another setting to check is "Access this computer from the network" under User Rights Assignment in the local security policy. Also the corresponding "Deny access to this computer from the network".
  
  – Harry Johnston
  Apr 7 at 22:09
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  The workstation might not be properly joined to the domain. I recommend logging into the workstation interactively using the local administrator account, double-checking that the computer is using the right computer name, and leaving and then re-joining the domain.
  
  – Harry Johnston
  Apr 7 at 23:54
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  ... the target account name problem can also occur in some scenarios involving multiple domains, e.g., if computer-name is in domain A but you're trying to connect to it from a machine in domain B and there is a computer object in domain B that is also named computer-name.
  
  – Harry Johnston
  Apr 7 at 23:56
  
  

  
  
  
  

 | 
show 4 more comments

Logged in as the domain admin of an Active Directory environment, I'm attempting to run this command to reboot a workstation:

@start /b cmd /c shutdown -r -f -t 1 -m \COMPUTER-NAME

I'm getting this error:

COMPUTER-NAME: Access is denied

Why would the domain admin be denied access to execute this command?

active-directory windows-server-2008-r2

share|improve this question

asked Apr 7 at 7:34

LonnieBestLonnieBest

58131030

@start /b cmd /c shutdown -r -f -t 1 -m \COMPUTER-NAME

COMPUTER-NAME: Access is denied

share|improve this question

asked Apr 7 at 7:34

LonnieBestLonnieBest

58131030

share|improve this question

asked Apr 7 at 7:34

LonnieBestLonnieBest

58131030

asked Apr 7 at 7:34

LonnieBestLonnieBest

58131030

asked Apr 7 at 7:34

LonnieBestLonnieBest

58131030

1 Answer
1

active

oldest

votes

0

The issue was caused by a DNS Host(A) record that got auto-created 4 years ago: where another computer (renamed since) use to have the same name as the current computer I was trying to remotely reboot. That old record pointed to a different IP address than what the current computer (with that same name) is currently using via a dhcp reservation.

Harry Johnston suggested this command:

dir \COMPUTER-NAMEc$

That produce this error:

The target account name is incorrect.

He also suggested pining "computer-name", which showed the wrong IP address!

So, I guess the shutdown command would not permit the reboot, because the computer that this old dns record pointed to was not the computer I was trying to reboot; the name in DNS did not match the name on the computer specified in the shutdown command. "Accessed denied", was all the shutdown command produced. Its too bad it wouldn't indicate WHY access was denied.

Anyway, after removing that old dns record, the remote reboot succeeded.

share|improve this answer

answered 13 hours ago

LonnieBestLonnieBest

58131030

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f961872%2factive-directory-admin-denied-access-why%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

0

The issue was caused by a DNS Host(A) record that got auto-created 4 years ago: where another computer (renamed since) use to have the same name as the current computer I was trying to remotely reboot. That old record pointed to a different IP address than what the current computer (with that same name) is currently using via a dhcp reservation.

Harry Johnston suggested this command:

dir \COMPUTER-NAMEc$

That produce this error:

The target account name is incorrect.

He also suggested pining "computer-name", which showed the wrong IP address!

So, I guess the shutdown command would not permit the reboot, because the computer that this old dns record pointed to was not the computer I was trying to reboot; the name in DNS did not match the name on the computer specified in the shutdown command. "Accessed denied", was all the shutdown command produced. Its too bad it wouldn't indicate WHY access was denied.

Anyway, after removing that old dns record, the remote reboot succeeded.

share|improve this answer

answered 13 hours ago

LonnieBestLonnieBest

58131030

add a comment | 

0

The issue was caused by a DNS Host(A) record that got auto-created 4 years ago: where another computer (renamed since) use to have the same name as the current computer I was trying to remotely reboot. That old record pointed to a different IP address than what the current computer (with that same name) is currently using via a dhcp reservation.

Harry Johnston suggested this command:

dir \COMPUTER-NAMEc$

That produce this error:

The target account name is incorrect.

He also suggested pining "computer-name", which showed the wrong IP address!

So, I guess the shutdown command would not permit the reboot, because the computer that this old dns record pointed to was not the computer I was trying to reboot; the name in DNS did not match the name on the computer specified in the shutdown command. "Accessed denied", was all the shutdown command produced. Its too bad it wouldn't indicate WHY access was denied.

Anyway, after removing that old dns record, the remote reboot succeeded.

share|improve this answer

answered 13 hours ago

LonnieBestLonnieBest

58131030

add a comment | 

The issue was caused by a DNS Host(A) record that got auto-created 4 years ago: where another computer (renamed since) use to have the same name as the current computer I was trying to remotely reboot. That old record pointed to a different IP address than what the current computer (with that same name) is currently using via a dhcp reservation.

Harry Johnston suggested this command:

dir \COMPUTER-NAMEc$

That produce this error:

The target account name is incorrect.

He also suggested pining "computer-name", which showed the wrong IP address!

So, I guess the shutdown command would not permit the reboot, because the computer that this old dns record pointed to was not the computer I was trying to reboot; the name in DNS did not match the name on the computer specified in the shutdown command. "Accessed denied", was all the shutdown command produced. Its too bad it wouldn't indicate WHY access was denied.

Anyway, after removing that old dns record, the remote reboot succeeded.

share|improve this answer

answered 13 hours ago

LonnieBestLonnieBest

58131030

dir \COMPUTER-NAMEc$

The target account name is incorrect.

share|improve this answer

answered 13 hours ago

LonnieBestLonnieBest

58131030

answered 13 hours ago

LonnieBestLonnieBest

58131030

answered 13 hours ago

LonnieBestLonnieBest

58131030